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ABSTRACT 



A financial information and transaction system comprising a 
host financial computer system, which host system main- 
tains records of user account information; at least one 
terminal providing a user interface for accessing the host 
financial computer system, the at least one terminal includ- 
ing a means for transmitting and receiving data correspond- 
ing to the user account information, and a smart card 
interface device; wherein acce&s to the records of user 
account information are organized in a hierarchy of three or 
more levels, which hierarchy comprises an initial level, a 
final level, and one or more intervening levels; wherein the 
records of user account information are accessed by passing 
through the hierarchy of three or more levels; and wherein 
means are provided for allowing access to the final level in 
the hierarchy by an automated task without passing through 
the one or more intervening levels is described. Further, a 
financial information and transaction system comprising a 
host financial computer system, said host system maintain- 
ing records of user account information; at least one terminal 
providing a user interface for accessing said host financial 
computer system, said at least one terminal including a 
means for conducting a transaction based on the user 
account information, a smart card interface device; and a 
smart card; wherein conducting said transaction based on 
said records of user account information is organized in a 
hierarchy of three or more levels, said hierarchy of three or 
more levels comprising an initial level, a final level, and one 
or more intervening levels; wherein said transaction is 
conducted by passing through said hierarchy of three or 
more levels; and wherein means are provided for allowing 
access to the final level in the hierarchy by an automated task 
without passing through said one or more intervening levels 
is described. These transactions include a deposit of funds; 
a withdrawal of funds; an exchange of currency; a transfer 
of funds between said user's checking account and said 
user's savings account; a purchase of stock; and a sale of 
stock. 

16 Claims, 3 Drawing Sheets 
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SYSTEM FOR PERFORMING FINANCIAL withdraw money, to exchange currency, to view a custom- 

TRANSACTIONS USING A SMART CARD er's balance, to transfer money between the customer's 

checking and savings accounts, to purchase and/or sell 
This application is a continuation of Ser. No. 09/018,791 stocks, etc. A customer wishing to transact only a single type 
filed Feb. 4, 1998, U.S. Pat. No. 6,012,049. 5 of transaction might encounter a series of menus offering the 

various financial transaction options available to the cus- 
BACKGROUND OF THE INVENTION tomer. A transaction;:iDitiaUy. p,erccived,byahcjconsumer to 

be seemingly a quick and efficient excKangcTbccomes a test 
of-enduratfce'betweeh_the customer, and.the machine, as the 



1. Field of the Invention 



This invention generally relates to the field of smart cards customer windows down the choice'available by selecting 

for conducting financial transactions. More particularly, the ^n option at each of several menus, 

present invention relates to a smart card that can acquire ^ there is a need for a smart card that offers enhanced 

mformation regarding a customer s transactions and cstab- ^^^i^E^T^n as^^T~Histomer-ii=^5[^ting a 

hsh a system automated task for assistmg m such financial tran%U5hrlliere^is^also-a needjor a smart card that can 

transactions. ^5 acquire^informadonTcgarding a con^ transactions and 

2. Description of Related Art establish aT^ystem automated task for carrying out such 

Credit cards, debit cards, and automatic teller machine financial transactions:^Such a smart card has not been 

cards are widely used by consumers around the world to available~ih" the prior art. 
access, transfer and spend money. These cards make use of 

a magnetic strip disposed on the back of the card which is 20 SUMMARY OF THE INVENTION 

encoded with information about the cardholder and the Accordingly, it is an object of the present invention to 

account or accounts accessed by the card. Terminals, which ^^^^ abovestated needs and others. It is also an object of 

may be automatic teller machines (ATMs) or merchant present invention to provide a smart card which can 

terminals at a place of business or point of sale, are used to acquire information regarding a consumer's transactions and 
read the coded infonmation on the card and access the 25 eg^gblish a system automated task for carrying out such 

cardholder's account to complete a financial transaction. financial transactions. 

Besides the well known credit and debit cards, stored j^^^ objects, among others, have been obtained by 

value cards are becoming increasingly popular. A stored Cleans of a financial information and transaction system 

value card is a card that is purchased or established for a comprising a host financial computer system, which host 

specific monetary amount. That monetary amount is stored ^^^^^^ maintains records of user account information; at 

as the value of the card. When the cardholder desires to use j^^^j terminal providing a user interface for accessing 

the stored value card to purchase goods or services, the card ^^^^ financial computer system, the at least one terminal 

is presented at the point of sale and the cost of the goods or including a means for transmitting and receiving data cor- 

services purchased is deducted from the value of the card. responding to the user account information, and a smart card 

The cardholder may continue to use the stored value card interface device; wherein access to the records of user 

in this manner until all the value has been removed firom the account information are organized in a hierarchy of three or 

card. The card may then be discarded user of the care may more levels, which hierarchy comprises an initial level, a 

provide a method for replenishing the value of the card. final level, and one or more intervening levels; wherein the 

Such cards are commonly used today as a means for paying records of user account information are accessed by passing 

subway fare and making phone calls. through the hierarchy of three or more levels; and wherein 

The development of such convenient financial instru- means are provided for allowing access to the final level in 

ments has also produced "smart cards." Rather than employ- the hierarchy by an automated task without passing through 

ing information encoded on a magnetic strip, smart cards the one or more intervening levels. 
inc6Tpofate:a microproeessorfwhi^^ 45 These objects, among others, have also been obtained by 

^d~can^interact-withJLhez^MrPJ'^ro means of a financial information and transaction system 

^oyide-inf^matibn^bout.thexafdlio comprising a host financial computer system, said host 

(jaccount,^traiisactipn^3autbc^^ system maintaining records of user account information; at 

Various smart card designs and applications are described in least one terminal providing a user interface for accessing 
the following U.S. Patents which are incorporated herein by jq said host financial computer system, said at least one ter- 

reference: U.S. Pat. Nos. 4,766,293 (Boston); U.S. Pat. No, minal including a means for conducting a transaction based 

4,868,376 (Lcssin et al.); and U.S. Pat. No. 4,874,935 on the user account information, a smart card interface 

(Younger). device; and a smart card; wherein conducting said transac- 

Advanced smart cards, called very smart cards, may even tion based on said records of user account information is 
include a battery, a keypad and an LCD display on the face 55 organized in a hierarchy of three or more levels, said 

of the card. However, due to the expense of such advanced hierarchy of three or more levels compri.sing an initial level, 

cards, typical smart cards have no keypad or display and a final level, and one or more intervening levels; wherein 

look like other plastic credit cards. said transaction is conducted by passing through said hier- 

Sman cards can be designed to operate as stored value archy of three or more levels; and wherein means are 
cards, credit cards, debit cards, ATM cards, calUng cards, 60 provided for allowing access to the final level in the hier- 

etc. A smart card may also be designed to perform any archy by an automated task without passing through said one 

combination of these various functions. However, the mul- or more intervening levels. 

tiplicity of capabihties offered by smart cards could result in These transactions can include, but are not limited to, a 

customer frustration resulting from the vast array of choices deposit of funds; a withdrawal of funds; an exchange of 
available each time a smart card is placed in a smart card 65 currency; a transfer of funds between said user*s checking 

reader. For example, use of a smart card at a Citibank ATM account and said user's savings account; a purchase of stock; 

machine might permit a customer to deposit money, to and a sale of stock. 
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It will be appreciated that the means for allowing access communication systems 14, 16, and 18. However, it will be 

to the final level in the hierarchy by an automated task can, understood by those skilled in the art that various combi- 

in one preferred embodiment, be provided on the smart card; nations of such systems, and others, are possible. For 

in another preferred embodiment, can be provided in the example, a private network 22 may be accessed with the 

smart card interface device; and, in stiU another preferred 5 communications front end 12 through a network service 

embodiment, can be provided on the host financial computer provider 16. Other networks 26, such as the so called 

system. "Internet," may be accessed with the standard switch net- 
works 14 

Additional objects, advantages and novel features of the *. . . _ i r 

.„ , /c _.u • *L J -4- \.- u c 11 The present mvention compnses a financial mformation 

mventron will be set forth m the descnption which follows trai^action system comprLg a host financial computer 

or may be learned by those skilled m the art through reading 10 ^^^^y^^ ^ ^^^^ ^^^^ ^^^^ ^J^^^^ 

these matenals or practicmg the mvcnUon. The objects and ^^^^^^^ ^^^^^^ information; at least one terminal 

advantages of the invention may be achieved through the providing a user interface for accessing the host financial 

means recited in the attached claims. computer system, the at least one terminal including a means 

BRIEF DESCRIPTION OF THE DRAWINGS 15 transmitting and receiving data corresponding to the user 

account information, and a smart card interface device; 

The accompanying drawings illustrate the present mven- wherein access to the records of user account information 

tion and are a part of the specification. Together with the organized in a hierarchy of three or more levels, this 

followmg descnption, the drawings demonstrate and explain hierarchy comprising an initial level, a final level, and one 

the principles of the present invention. In the drawings: ^^^^^ intervening levels; wherein said records of user 

FIG. 1 is a block diagram of a financial information and account information are accessed by passing through the 

transaction system in accordance with the invention; hierarchy of three or more levels; and wherein means are 

FIG. 2 is a block diagram of a smart card according to the provided for allowing access to the final level in the hier- 

invention; and archy by means of an automated task without passing 

FIG. 3 is a block diagram of a file stmcture of the smart through one or more intervening levels, 

card of FIG. 2. An aspect of the present invention is a smart card (e.g., a 

ncTA IT on nncr-DTDXinM nr xtru P^^^^^'^ ^^^^'^ ^^^^^ ^ microcomputer embedded 

DEIAILED DESCRIP I ION OF THE ^ ^^^^^ ^^^^^ ^^^^^ financial and account identification 

PREFERRED EMBODIMENT information in memory. In order to use such a card, the 

FIG. 1 is a block diagram illustrating a system for 3^ computer in an automatic teller machine (ATM) or in a 

providing financial information and performing financial merchant terminal at a point of sale must interface with the 

transactions in accordance with the present invention. In this microcomputer in the smart card. 

embodiment, a financial institution is represented by block FIG. 2 illustrates a multi-purpose smart card 200 which 

10, As known in the art the financial institution, such as a permits both financial and non-financial functions in an 

consumer banking institution, utilizes an automated system, 3^ integrated system such as that described in FIG. 1. The smart 

including a host computer, for maintaining records of cus- card 200 comprises a central processing unit 202 (CPU) 

tomer accounts. These records are used to keep track of which is connected to a read only memory 204(ROM), 

funds in the customer accounts, to enter debits and credits primarily used for storage of an operating system. A random 

made to such accounts, and for other purposes. access memory 206 (RAM) is also provided for volatile 

In order to provide various services to the customer, such 40 storage of data, particularly for program execution. The 
as providing account information and account debiting and CPU 202 is operatively coupled to a serial interface 208 
crediting at the customer's request, a communications front which in turn communicates with a smart card reader 210 
end 12 is used to exchange data corresponding to such according to techniques well known in the art. 
information. The communication front end 12 provides The CPU is connected to an arithmetic logic unit 212, for 
access to the host computer operated by the financial insti- 45 example, one suitable for processing large keys (512 byte 
tution 10 from a variety of communication systems. For keys, 1024 current RSA). An electrically erasable program- 
example, as shown, the communications front end 12 may mable read only memory 214 (EPROM) is provided, which 
exchange data with a standard switch network 14, such as typically stores system files and applications, 
one operated by a regional telephone company. Thus, data As illustrated in FIG. 3, the smart card 200 of FIG. 2 has 
transfer utilizing such a system generally takes place over 50 diiferent file paths for different functions. The EEPROM has 
the telephone line. In this way, data may be exchanged with a master file 220 and dedicated files for different applica- 
a user suitably linked to the standard switch network 14 with tions. These dedicated files include a biometric identification 
a modem using any of a variety of communication protocols file 222 and an encrypted digital signature file 224. Also 
known in the art. Moreover, data may be exchanged in this included is a building access file 226 that contains informa- 
way other financial institutions and financial networks (not 55 tion which enables the card to be used in conjunction with 
shown), for example, to provide data for settiemenl of a security system. The master file 220 also is linked to a 
various customer transactions. banking card debit file 228 which may also have its own 

Alternately, the communication front end 12 may be security path for identification. The smart card has a prepaid 

connected to a network service provider 16 or a private function path 230 which can only be loaded through a secure 

network 18. For example, one of several commercial ser- 60 function, and a "non-secure" electronic purse function file 

vices now available may Unk users throughout a geographic 232. These files are readable by an external terminal and 

area. Further, the communications front end 12 may provide may be decremented as required firom an outside terminal, 

an interface between the financial institution 10 and a private In this example, the master file 220 also has a digital 

network 18 comprising, for example, one or more local area encryption capability 234 providing algorithmic computa- 

nelworks (LAN) or wide area networks (WAN). ^5 tion for the processing of digital keys and encryption of, for 

As illustrated, FIG. 1 shows direct links between the example, the user's PIN. The algorithms used may provide 

communications front end 12 and the various types of symmetrical or asymmetrical encryption as known in the art. 
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While the smart card utilized in the invention embodies a The smart card's file structure is capable of being altered 

"computer", it has a fairly limited memory. For example, the under a secure, special access control after the structure 

EEPROM may be limited to the range between 3 to 8 has been created. 

kilobytes with current technology limitations. Accordingly, To achieve the stated and other objects of the present 

the smart card in the system preferably acts as an enabling 5 invention, as embodied and described below, the invention 

device for other systems according to known techniques. For may comprise: 

example, the smart card provides validation of the individual an automatic teller machine; and 

and the service requested, but does not store large quantities ^ smart card with at least one programmable module; and 

of data on the card. ^j^^ automatic teller machine recognizes the smart card as 

Ibe smart card 200 of FIGS. 2 and 3 includes two storage ^ programmable smart card, 

areas for storing monetary values. The first is an "electronic ^^^^ ^^^^^ interfacing with automatic teller machines 

purse ' represented by file 232. This area is used, for ^^^^^ ^^^^^ ^^^^^^ permitting access to a financial 

example when the user makes a high value Purchase by l^^,^^^^ ^^^-j, , ^3^,^,, ^i^h an array of financial 

placing the smart card m a merchan s termnal. Th^ information and allow the customer to perform a wide 

accepts the transaction and amount of the purchase entered t- 1 l 

by tbe merchant by entering the user's PIN. The user then ^""^'y °f transactions. For example, such access 

^ . f can include review of balances m different accounts, review 

approves the amount, for example, by pushmg an "enter^ _ ^ • , r • . c - 

buuon on a terminal keypad, the card purse cash value is f ttansaction journals for vanous accounts, performmg 

then debited by the requested amount, and, conversely, the .'^f .^""■'g 

, 4 • J * J *u * # These accounts can include, among others, savings 

merchant s account is credited that amount. ^ . , . * u 1 4*1 
„ . , , .V J 20 accounts, checking accounts, brokerage accounts, stock 

A second area for stonng monetary vdues on fee card ^folios, and other investment portfolios, 

comprises a pre-paid account represented by file 230. This ^ convenUonally organized on typical AIM or home 

account is generaUy utibzed for lower value purchases, for ^ ^ ^^^.^^^ ^ ^.^^ 

example fifty dollars or less. Tins account is kept in an ^^^^^^^ ^^^^^ ^^^^^^^ ^ ^^^^ 

unsecured cash area of the smart card arid operates essen- ^^^^^ ^ ^ ^^^^ ^^^^^ 

tiaUy hke cash. For example, the user of the smart card may hierarchical menu stmcture can require the customer to 

make purchases from this account without entering the ^ .^^ ^^^^ ^ ^^^^ 

user's PIN. Possible uses would include, preferably, low ^^^^^^ ^^^j^ ^^^^^^^ ^^^.^^^ 

value, fast transacUons such as a a cafetena, or a vendmg transaction. This can result in significant frustration on the 

machine, or when placing a local telephone call. ^^^^ customer. 

The smart cards referred herein mterface with the system ^^^^^^^ invention provides a system in which a 

through the use of vanous smart card reader/processors. ^^tomcr is placed at a desired menu screen within this 

These processors vary in complexity and sophistication hierarchical menu structure without having to navigate 

depending upon the application. For example, when used to ^^^^^^ ^ j^^g^ ^^^^^^ intervening menu screens. Thus, 

regulate bunding access, the smart card may be inserted mto 35 ^j^^ ^^^^^ constructed a navigational short-cut path 

a smart card reader which simply identifies the user. This ^^^^^^^ ^^^^ ^^^^^ customer, after logging onto 

could be used m lower security areas, such as parking the system (which log on procedure presumably will utilize 

garages. A numerical keypad, by which a users PIN may be ^^^^^ ^^^^^ ^^^^^^ ^^^-^^ ^^^^^^^ jhe customer can 

entered, can be requured for added security, such as at ^^^-^^ navigational short cut path to take him or her 

buildmg door entrances. For even further security, some directly to a menu screen which the customer wishes, 

biometric parameter (such as a fingerprmt) may be used for ^-^ appreciated that the present invention includes 

identification. This same access code with or without a PIN ^ ^^^^^^ ^^-^^ ^he customer can specify an option 

can be used m a smart card reader attached to a stand-alone selected from a group of two or more screens to which the 

or network personal computer to control the level of access ^^^^^^ customer. In one embodiment of the 

to local or remote files, commumcation networks, databases ^^^^^^ invention, the customer will enter a code which 

and network services. directs the system to execute the automated task of taking 

In the aforementioned embodiments, the smart card incor- customer past one or more screens and to a desired and 

porates optional digital encryption signatures and encryption p^^^et screen. In another embodiment, the system displays 

algorithms to enable the smart card to be validated from a ^ ^sting gf various navigational short-cuts, which the 
remote location, such as a host computer at a financial 5Q customer has previously chosen. 

institution or at ofiyon Une merchant terminals equipped with p^j example, if the customer wishes want to pay bills, he 

a SAM module for off-line card authentication. In such she can input "PAY'' and this command will take the 

instances both ends of the communication (for example, the customer to the biU payment menu. In the absence of the 

host computer and the smart card) may each have an present system, the customer might have to go through six 

encryption key so that data (such as a PIN entry) which is 55 j-e^^h the bUl payment menu, 

sent via the smart card and is validated at the host computer. 'phe present invention permits the customer to establish a 

Thus, the host computer is able to vahdate that the smart personal navigation path that will convey the customer 

card is authentic and that the proper user is using the smart direcdy to one or more desired menu screens. The choice of 

card so that a financial transaction can take place. the destination menu screen will reflect the transaction that 

In a wireless off-line situation, the smart card and the go the customer wishes to execute. It will be appreciated that 

terminal being used similarly validate one another because the present invention can be employed in conjunction with 

there is a possibility that a false terminal is being used. ATM devices, home banking terminals, and other terminals 

Accordingly, even in an off line system, security measures which pennit the use of smart cards in connection with 

are available to vahdate the card, the terminal, and the user. obtaining financial information or in executing financial 

In this invention, it is assumed that: $5 transactions, among others. 

The financial institution has been authorized to create an In a preferred embodiment, upon logging onto a system 

apphcation stmcture in a smart card, and permitting access to a financial computer system, a customer 
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will encounter a menu screen that asks the customer whether 
he/she wishes the system to create a personal navigation 
path for the given transaction. If the customer responds 
afGrmatively, then the system will track the path that the 
customer follows in carrying out the transaction. This 
tracked path is then temporarily saved as a system- 
automated task. At the conclusion of the transaction, the 
customer is queried by the system if the customer wishes to 
save the navigational path just traversed. If the customer 
responds affirmatively, the system will save the navigational 
path as a system automated task. 

In those embodiments of the present invention in which 
the system permits a customer to save more than one 
navigational short cut, the system will query the customer to 
identify the saved system automated task by means of a 
code. It wiU be appreciated that this code can by numeric, 
alphabetic, or alphanumeric. The number of characters in the 
code can be one or more characters, the choice of the number 
of characters defining a code being a function of the number 
of navigational shortcuts that the system permits a customer 
to have, as well as memory limitations of the system and the 
smart card. 

In an alternate embodiment of the present invention, the 
system will automatically track the path that the customer 
follows in carrying out a transaction. This tracked path is 
then temporarily saved as a system -automated task. At the 
conclusion of the transaction, the customer is queried by the 
system if the customer wishes to save the navigational path 
just traversed. If the customer responds aflSrmatively, the 
system will save the navigational path as a system auto- 
mated task. In those embodiments of the present invention, 
in which the system permits a customer to save more than 
one navigational short cut, the system will query the cus- 
tomer to identify the saved system automated task by means 
of a code. 

In yet another embodiment of the present invention, the 
system will automatically track the path that the customer 
follows in carrying out a transaction. This tracked path is 
then temporarily saved as a system-automated task. After a 
certain threshold number of traversals of the navigational 
path, the system will save it a system automated task, which 
will be invoked each time the customer logs on. However, 
if the customer deviates from the navigational shortcut, the 
system will reset and begin again automatically tracking the 
path that the customer follows in carrying out a transaction. 

In one preferred embodiment of the present invention, the 
saved system automated task is saved in EERROM memory 
provided on the smart card, such that the data can be saved 
when the smart card is removed. In another embodiment, the 
system will save the system automated task on a file server 
connected to the financial computer system. 

It wiU be recognized that the system of the present 
invention is analogous, for example, to systems which allow 
for programming of a series of keystrokes as a "macro" in 
a word-processing program. Further, systems which monitor 
performance of a system and construct routines based on 
such past performance are recognized as expert systems. 
Examples of such systems can be found in U.S. Pat. No. 
5,487,135 and U.S. Pat. No. 5,555,354, which are incorpo- 
rated herein by reference. 

Because the microcomputer is embedded in the smart card 
body, the card surface must include electrical contacts which 
function as a communications port to interface the micro- 
computer in the card with a processor in an AIM or a 
merchant terminal. The power, input, and display for a smart 
card microcomputer is thus provided by interfacing the card 
with an ATM or merchant terminal. 
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A smart card terminal must be provided with a detection 
mechanism to determine when a smart card has been 
inserted and that the card is properly positioned. To be 
properly positioned, the communications contacts on the 
5 card must be in contact with electrical contacts that com- 
municate with the terminal processor. 

Once the smart card is properly positioned, the terminal 
will provide power to the microcomputer on the card and 
send a reset (RST) signal to the card. The card uses the RST 
signal to reset itself or to initiate an internal reset function. 
When the card is reset, it sends the terminal an answer-to- 
reset (ATR) signal. The ATR signal informs the card termi- 
nal of basic information about the card so that communica- 
tions between the card and the terminal can be established 
accordingly. 

15 Global standards for the physical construction of smart 
cards have been established and widely accepted. The Inter- 
national Standards Organization (ISO) standard 7816-1 to -6 
specifies the physical characteristics of smart cards such as 
the size, composition, placement of electrical contacts, the 

20 electrical interface, the method of data transmission for 
smart cards i.e. T= — 0, T=l etc., the interface message 
format and identification of applications stored in the card. 

While ISO standard 7816 has largely led to uniformity in 
the physical construction and communication protocol of 

25 smart cards, the standard does not specify the operating 
system or the application programming to be used. The 
operating system a smart card uses is the software that tells 
the microcomputer on the smart card how to execute appli- 
cation programs. For example, the Disk Operating System 

30 (DOS) used by IBM-compatible desktop computers or Sys- 
tem 7s used by Apples Macintosh computers are operating 
systems. 

A smart card operating system (SCOS) is established by 
the manufacturer of the microcomputer embedded in the 

35 smart card. To protect it from being erased or modified, the 
SCOS will likely be hard -wired or masked onto the semi- 
conductor chip of the card's microcomputer and/or partially 
stored in EEPROM. 
The International Standard Organization has defined two 

40 standard methods for structuring information for transmis- 
sion between a smart card and an ATM or merchant terminal. 
They are: the character mode protocol (T=0), and a block 
mode protocol (T=l). As part of the power up sequence, an 
Automatic Termination Response (ATR) message is 

45 returned from the smart card to identify the transmission 
protocol it supports. Both traasraission protocols are widely 
accepted by cither ATM's or merchant terminals, and some 
smart cards can function using either the T=0 or T=l 
protocols. Based on the ATR message, the terminal and 

50 smart card can then agree on a protocol and transact. 

A first principal characteristic of smart card programming 
is its security system. In financial apphcations, security is a 
key concern in the use of smart cards. To inspire bank, 
merchant and cardholder confidence in smart card 

55 technology, smart cards must be provided with security 
features to prevent unauthorize use of a lost or stolen card. 
Smart card security features must also prevent someone 
from fraudulently adding value to a card and from counter- 
feiting a card that can access a cardholder's account. 

60 The integrated circuits (\C's) used in smart cards arc 
physically designed for security. For example, the key 
electrical signal leads are placed below the top layer of the 
IC construction. This helps prevent a counterfeiter from 
probing the leads to determine the electronic addresses at 

65 which particular data is stored. Without this information, a 
counterfeiter cannot successfully counterfeit or compromise 
a smart card. 
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Another example of a security feature is particularly 
applicable to stored value cards. When functioning as stored 
value cards, smart cards can be programmed and 
re-programmed to contain a particular value as desired by 
the cardholder. This value is gradually depleted as purchases 5 
arc made. A merchant tenminal at a point of sale may be able 
to simply deduct value from the smart card, or the card can 
be designed to require the cardholder to input a personal 
identification number (PIN) before value may be deducted 
from the card. lo 

This security feature protects the value of the card from 
unauthorized use if the card is lost or stolen. A smart card 
may have both freely-accessible value and PlN-protected 
value stored on it. An ATM can be provided with options that 
allow the cardholder to set the value of the smart card as 15 
desired. 

A smart card can have the option of allowing the user to 
lock and unlock the electronic purse using a personal reader 
device equivalent in size to a small hand held calculator. 

To provide a higher level of security, a smart card system 20 
can make use of security algorithms, A security algorithm is 
a series of mathematical functions that can be performed on 
a number or alphanumeric string. With a security algorithm, 
an ATM or a merchant terminal will perform the steps of the 
algorithm on a randomly generated string. This is called 25 
encryption. 

The result is communicated by the ATM or merchant 
terminal to the smart card. Hie smart card then performs the 
steps of the algorithm in reverse order on the encrypted 
string provided by the ATM or merchant terminal. This is 30 
called decryption. An encryption key is a specific number or 
string that is used to govern the behavior of the encryption/ 
decryption process. If the smart card has the correct algo- 
rithm and encryption key, it will generate the same string 
with which the AIM or merchant terminal started. 35 

Encryption and decryption, also called ciphering and 
deciphering, prevent someone from counterfeiting a smart 
card as long as the encryption keys are known only to the 
issuer of the smart card and the entity supporting the AITVI 
and merchant terminal system. If the smart card's result is 40 
the same string with which the ATM or merchant terminal 
started, the smart card is authenticated and the desired 
transaction may proceed. 

Two types of encryption schemes now in use are an 
asymmetric encoding system and a symmetrical encoding 45 
system In a symmetrical encoding system, both encipher and 
decipher use an identical key. In order to maintain the 
security for the whole system, this key must be kept secret. 
Several symmetrical encoding system which have been 
adopted by the industry are entitled the Data Encryption 50 
Standard (DBS) and the RC4/RC5 algorithm proposed by 
RSA. The DES algorithm has been used longer than any 
other algorithm and has been more widely accepted by the 
world-wide financial industry. Every card and each terminal 
used in the system must have the correct key established to 55 
reach the correct result and be authenticated when chal- 
lenged. To be successful, a counterfeiter must determine the 
correct key. Aided with a limited number or retrials, the level 
of security is raised. 

An asymmetrical encoding system uses a pair of keys to 60 
cipher/decipher respectively. Knowledge of one key does 
not aid in the derivation of the other key. This encoding 
algorithm allows the sender to pubfish one key (public key) 
and keep the other key (private) secret without compromis- 
ing the system's security. Therefore, the asymmetrical 65 
encoding system is also called the pub he key cryptography 
(PKC) system. 
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In an asymmetrical encoding system, both a public and 
private key are used with the security algorithm. The private 
key is specific to each cardholder's account and wiU be 
known only by the ATM or merchant terminal and the 
cardholder's smart card. By keeping this key secret, the 
counterfeiter will have problems penetrating the system. 

In addition, different public and private keys can be 
established for when the smart card is being used as a credit 
card, a stored value card, a debit card, etc. Though efifective, 
such security measures increase the cost of the smart card in 
proportion to the level of security provided. 

Additionally, messages transmitting information or 
instructions between a smart card and a terminal may be 
encrypted by the sender and decrypted by the receiver to 
prevent a counterfeiter from tapping into the communication 
between an authentic card and an authorized terminal to 
make illicit use of the interaction. 

Another principal diaracteristic of a smart card applica- 
tion program is the set of access conditions. A computerized 
system, such as smart cards and card terminals, must have a 
system which allows the card or the card terminal to read 
and write data in memory when doing so is appropriate. The 
apphcation programming on the smart card or the applica- 
tion program being run by the terminal teUs the components 
of the system when to read and write data and allows 
reading/writing under the established access conditions. 

StiU another characteristic of a smart card apphcation 
program is its data structure. The data structure is the set of 
rules an application program uses lo determine where in the 
memory of the smart card particular data or types of data 
will be stored. 

Obviously, numerous modifications and variations of the 
present invention are possible in light of the above teach- 
ings. It is therefore to be understood that within the scope of 
the appended claims, the invention may be practiced other- 
wise than as specifically described herein. 

What is claimed is: 

1. A financial information and transaction system com- 
prising: 

a host financial computer system, said host system main- 
taining records of user account information; 

at least one terminal providing a user interface for access- 
ing said host financial computer system, said at least 
one terminal including a means for transmitting and 
receiving data corresponding to the user account 
information, a smart card interface device; 

and a smart card; 

wherein access to said records of user account informa- 
tion are organized in a hierarchy of three or more levels, 
said hierarchy of three or more levels comprising an 
initial level, a final level, and one or more intervening 
levels; 

wherein said records of user account information are 
accessed by passing through said hierarchy of three or 
more levels; and 

wherein means are provided for allowing access lo the 
final level in the hierarchy by an automated task 
without passing through said one or more intervening 
levels. 

2. The system according to claim I, wherein said means 
for allowing access to the final level in the hierarchy by an 
automated task is provided on the smart card. 

3. The system according to claim 1, wherein said means 
for allowing access to the final level in the hierarchy by an 
automated task is provided in the smart card interface 
device. 
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4. The system according to claim 1, wherein said means 
for allowing access to the final level in the hierarchy by an 
automated task is provided on the host financial computer 
system. 

5. The system according to claim 1, wherein said records 5 
of user account information comprises checking account 
balance. 

6. The system according to claim 1, wherein said records 
of user account information comprises savings account 
balance. 10 

7. A financial information and transaction system com- 
prising: 

a host financial computer system, said host system main- 
taining records of user account information; 

at least one terminal providing a user interface for access- 
ing said host financial computer system, said at least 
one terminal including a means for conducting a trans- 
action based on the user account information, 

a smart card interface device; 

and a smart card; 

wherein conducting said transaction based on said records 
of user account information is organized in a hierarchy 
of three or more levels, said hierarchy of three or more 
levels comprising an initial level, a final level, and one 25 
or more intervening levels; 

wherein said transaction is conducted by passing through 
said hierarchy of three or more levels; and 

wherein means are provided for allowing access to the 
final level in the hierarchy by an automated task 



15 



20 



without passing through said one or more intervening 
levels. 

8. The system according to claim 7, wherein said means 
for allowing access to the final level in the hierarchy by an 
automated task is provided on the smart card. 

9. The system according to claim 7, wherein said means 
for allowing access to the final level in the hierarchy by an 
automated task is provided in the smart card interface 
device. 

10. The system according to claim 7, wherein said means 
for aUoAving access to the final level in the hierarchy by an 
automated task is provided on the host financial computer 
system. 

11. The system according to claim 7, wherein said trans- 
action comprises a deposit of funds. 

12. The system according to claim 7, wherein said trans- 
action comprises a withdrawal of funds. 

13. The system according to claim 7, wherein said trans- 
action comprises an exchange of currency. 

14. The system according to claim 7, wherein said trans- 
action comprises a transfer of funds between said user's 
checking account and said user's savings account. 

15. The system according to claim 7, wherein said trans- 
action comprises a purchase of stock. 

16. The system according to claim 7, wherein said trans- 
action comprises a sale of stock. 
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